下载好题目后,可以看到level1和output.txt这两个文件。其中output.txt里面的数字就是我们要逆向的地方。
用IDA打开,进入到主函数
int __cdecl main(int argc, const char **argv, const char **envp)
{
FILE *stream; // ST08_8
signed int i; // [rsp+4h] [rbp-2Ch]
char ptr[24]; // [rsp+10h] [rbp-20h]
unsigned __int64 v7; // [rsp+28h] [rbp-8h]
v7 = __readfsqword(0x28u);
stream = fopen("flag", "r");
fread(ptr, 1uLL, 0x14uLL, stream);
fclose(stream);
for ( i = 1; i <= 19; ++i )
{
if ( i & 1 )
printf("%ld\n", (unsigned int)(ptr[i] << i));
else
printf("%ld\n", (unsigned int)(i * ptr[i]));
}
return 0;
}
首先这几行是用来读取flag文件(这个文件出题方并没有给我们)。然后关闭读取文件的流
stream = fopen("flag", "r");
fread(ptr, 1uLL, 0x14uLL, stream);
fclose(stream);
接着这里for循环19次,和output.txt里的19个整数相对应
for ( i = 1; i <= 19; ++i )
i & 1这里是判断奇偶的意思,即可以理解为i % 2
if ( i & 1 ) printf("%ld\n", (unsigned int)(ptr[i] << i));
else printf("%ld\n", (unsigned int)(i * ptr[i]));
Python3代码:
key = [ 198, 232, 816, 200, 1536, 300, 6144, 984, 51200, 570, 92160, 1200, 565248, 756, 1474560, 800, 6291456, 1782, 65536000 ]
flag = ""
for i in range(1,20):
if i & 1: # 也可以写成i % 2 == 1
flag = flag + chr(key[i-1] >> i)
else:
flag = flag + chr(key[i-1] // i)
print(flag) # 输出的结果:ctf2020{d9-dE6-20c}
所以答案为:flag{d9-dE6-20c}